WASHINGTON — Thursday’s reports described how some of the NSA’s “most intensive efforts” focused on Secure Sockets Layer, a type of encryption widely used on the Web by online retailers and corporate networks to secure their Internet traffic. One document said GCHQ had been trying for years to exploit traffic from popular companies like Google, Yahoo, Microsoft and Facebook.
GCHQ, they said, developed “new access opportunities” into Google’s computers by 2012 but said the newly released documents didn’t elaborate on how extensive the project was or what kind of data it could access.
Even though the latest document disclosures suggest the NSA is able to compromise many encryption programs, Snowden himself touted using encryption software when he first surfaced with his media revelations in June.
During a Web chat organized by the Guardian on June 17, Snowden told one questioner that “encryption works.” Snowden said that “properly implemented strong crypto systems” were reliable, but he then alluded to the NSA’s capability to crack tough encryption systems. “Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it,” Snowden said.
It was unclear if Snowden drew a distinction between everyday encryption used on the Internet — the kind described in Thursday’s reports — versus more-secure encryption algorithms used to store data on hard drives and often requires more processing power to break or decode. Snowden used an encrypted email account from a now-closed private email company, Lavabit, when he sent out invitations to a mid-July meeting at Moscow’s Sheremetyevo International Airport.
The operator of Lavabit LLC, Ladar Levison, suspended operations of the encrypted mail service in August, citing a pending “fight in the 4th (U.S.) Circuit Court of Appeals.” Levison did not explain the pressures that forced him to shut the firm down but added that “a favorable decision would allow me to resurrect Lavabit as an American company.”